With the recent increase in electronic financial transactions such as Internet banking or stock exchanges and e-mails or data communications enclosing therein confidential matters, personal or confidential information is more frequently taken for evil purposes through security defects of Internet communications.
Such leakage of information is resulted from various spy wares or hacking programs, which usually intercept data from an input device such as a keyboard and send the data to a target address of e-mail or web-site.
In the prior arts, a filter driver is installed or a hooking method is used in a client driver level that functions to operate a USB keyboard, so as to protect and control input/output data to/from the USB keyboard.
Now, however, some malicious codes are appeared to act in those lower than the client driver level. Accordingly, against the aforementioned malicious codes acting in the lower level, programs using technologies of hooking a hub driver or the USB bus driver are developed to basically protect input/output data of the USB drivers.
For example, a technology of hooking a USB hub driver for intercepting keyboard data is disclosed in the international publication No. WO 2008048035, “APPARATUS AND METHOD FOR PRESERVATION OF USB KEYBOARD”, published on Apr. 24, 2008. The apparatus for preservation of USB keyboard in the aforementioned publication prevents data inputted from a keyboard in communication with a main body being transferred to the external through USB.
Those technologies of hooking hub drivers or USB bus drivers, which are lower than the client driver level, seem to be effective against such malicious codes acting in the similar lower level. However, there have been some problems in that crashes may occur when various security products of different companies are hooking in the same level, and system crashes may occur more frequently during a process of restoring functions, which were unloaded for hooking. Further, as the malicious codes become more and more complicated and elaborate, such a method of simply hooking the hub drivers or the USB drivers in the lower level cannot reliably protect data of the USB devices from those malicious codes.